If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Puzzled

My hormonally driven teenage son opens an e-mail message with "Snow White..." in the subject line using outlook on a win98 box. Message has no visible attachment or message. At the time the message was opened I had installed all the windows updates and was running NAV with updated definitions. I am also running Sygate Personel Firewall.

Now for my question (other than which military school to ship said son off to), The fire wall shows kernel32.dll listening on 3 ports (137, 138 & 139). I don't recall seeing this. Is it normal?
NAV scan has not detected anything. I downloaded the EICAR test string and it detected that, but I am still unconvinced (read paranoid). I run F-prot from a cd and it also did not detect anything, but the firewall shows kernel32.dll trying to connect to the internet.

Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson

Ummm, the Snow White message is a virus. I would bet money that it was sent from hahaha@yahoo.com (if I remember correctly). It installs a back door trojan on your puter. If NAV isn't showing anything, you need to update your virus definations. If you don't want to pay for new definations, you can get AVG from www.grisoft.com for free. If for some reason that still doesn't work, go to www.tauscan.org and download the trojan cleaner program (can't remember the name).

Soulman...I know about the snowwhite virus, that's why number one son is hanging from the yard arm by his hormones. What puzzles me is that norton (with current definitions) nor F-prot (again with current defs) does not detect anything. Makes my paranoid meter go tilt. According to the Sygate traffic log, kernel32.dll never tried to access until 3/01, the same day that e-mail was opened.

If an up to date Norton isn't detecting anything than chances are the trojan didn't install. try a free online virus/trojan scanner here....Also, The Cleaner is a good little trojan removal tool. You can get it here....It's shareware and only lasts 30 days but that should be more than enough time to remove that evil temptress, SnoWhite....